Firewall, ISP, VPN and Proxy servers | Introduction with Network Devices Part 2
Hello, I am Sourav Khanna. Today we are going to discuss some security network devices. And then we will move on to some optimization and performance devices. And with that, let’s go ahead and begin this session. And we will begin by talking about security devices. First up is the firewall.
What is a Firewall:-
A firewall can be placed on routers or hosts as software, or it can be its own dedicated device. A firewall functions at multiple layers of the OSI model, specifically at layers 2, 3, 4 and 7. A firewall can block packets from entering or leaving the network.
It does this through one of two methods. The first is stateless inspection, in which the firewall examines every packet that enters or leaves the network against a set of rules. Once the packet matches a rule, the rule is enforced and the specified action is taken. The second is stateful inspection.
This is when a firewall only examines the state of a connection between networks. Specifically, when a connection is made from an internal network to an external network. The firewall will not examine any packets returning from the external connection. It only cares about the state of the connection.
As a general rule, external connections are not allowed to be initiated with the internal network. The firewall is the first line of defence in protecting the internal network from outside threats. You can consider the firewall to be the police force of the network. Then there is the intrusion detection system.
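The difference between the two inspection methods shows up on return traffic. The following is an added example, not code from the original article: the rule set, addresses and ports are constructed, and the connection table is a simplified model of stateful tracking.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True when the packet leaves the internal network

# Constructed rule set, first match wins; None means "any".
RULES = [
    {"outbound": True, "dport": 443, "action": "allow"},  # internal hosts may use HTTPS
    {"outbound": True, "dport": 53, "action": "allow"},   # internal hosts may use DNS
    {"outbound": None, "dport": None, "action": "deny"},  # default deny
]

def stateless_filter(pkt, rules=RULES):
    """Stateless inspection: each packet is judged alone against the rules."""
    for rule in rules:
        if rule["outbound"] in (None, pkt.outbound) and rule["dport"] in (None, pkt.dport):
            return rule["action"]
    return "deny"

class StatefulFirewall:
    """Stateful inspection: remembers connections opened from the inside."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.connections = set()  # (internal ip, internal port, external ip, external port)

    def handle(self, pkt):
        if pkt.outbound:
            action = stateless_filter(pkt, self.rules)
            if action == "allow":
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return action
        # Inbound traffic passes only as the reply half of a tracked connection.
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if reply_of in self.connections else "deny"

def demo():
    request = Packet("10.0.0.5", 51000, "203.0.113.10", 443, True)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000, False)
    unsolicited = Packet("198.51.100.9", 40000, "10.0.0.5", 22, False)
    fw = StatefulFirewall()
    return {
        "stateless": [stateless_filter(p) for p in (request, reply, unsolicited)],
        "stateful": [fw.handle(p) for p in (request, reply, unsolicited)],
    }
```

With these rules the stateless filter drops the HTTPS reply because no rule names its ephemeral destination port, while the stateful firewall admits it and still refuses the connection initiated from outside.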
What is an Intrusion detection system:-
An IDS is a passive system designed to identify when a network breach or attack against the network is occurring. It is usually designed to inform a network administrator when a breach or attack has occurred, and it does this through log files, text messages, and email notifications. An IDS cannot prevent or stop a breach or attack on its own.
The IDS receives a copy of all traffic and evaluates it against a set of standards. The standards that it uses may be signature-based. This is when it evaluates network traffic for known malware or attack signatures. The standards may be anomaly-based. This is where it evaluates network traffic for suspicious changes. Or they may be policy-based.
This is where it evaluates network traffic against a specific declared security policy. An IDS may be deployed at the host level. When it is deployed at the host level, it is called a host-based intrusion detection system, or HIDS. More potent than the intrusion detection system is the intrusion prevention system.
What is an Intrusion Prevention System (IPS):-
The IPS, or intrusion prevention system, is an active system designed to stop a breach or attack from succeeding and damaging the network. It is usually designed to perform an action or set of actions to stop the malicious activity. It will also inform a network administrator through the use of log files, SMS text messaging, and/or email notification.
For an IPS to work, all traffic on the network segment needs to flow through the IPS as it enters and leaves the network segment. As with the IDS, all of the traffic is evaluated against a set of standards, and they are the same standards that are used on the IDS. The best placement on the network segment is between a router (hopefully with a firewall) and the destination network segment.
That way all the traffic flows through the IPS. An IPS is programmed to make an active response to the situation: it can block the offending IP address, close down vulnerable interfaces, terminate network sessions, and redirect the attack. There are more actions that an IPS can take. The main thing is that it is designed to be active to stop the breach or attack from succeeding and damaging your network.
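The IDS and IPS sections describe the same three standards applied in two different positions, a passive copy versus an inline path. The following is an added example, not code from the original article: the traffic records, signature string, baseline rate and allowed ports are all constructed assumptions.

```python
# Constructed sample traffic: (source IP, destination port, payload, requests per minute)
TRAFFIC = [
    ("198.51.100.7", 80, "GET /index.html", 12),
    ("203.0.113.9", 80, "GET /../../etc/passwd", 10),
    ("198.51.100.23", 443, "GET /login", 900),
    ("192.0.2.44", 23, "login: admin", 3),
    ("203.0.113.9", 80, "GET /about.html", 8),
]
SIGNATURES = ["../../etc/passwd"]  # constructed known-attack pattern
BASELINE_RPM = 100                 # assumed normal request rate
ALLOWED_PORTS = {80, 443}          # assumed declared security policy

def evaluate(record):
    """Apply the three standards to one traffic record."""
    src, port, payload, rpm = record
    findings = []
    if any(sig in payload for sig in SIGNATURES):
        findings.append("signature")   # matches a known attack signature
    if rpm > 5 * BASELINE_RPM:
        findings.append("anomaly")     # suspicious change from the baseline
    if port not in ALLOWED_PORTS:
        findings.append("policy")      # violates the declared policy
    return findings

def ids(traffic):
    """Passive: inspects a copy, so every record is still delivered."""
    alerts = [(r[0], f) for r in traffic if (f := evaluate(r))]
    return list(traffic), alerts

def ips(traffic):
    """Inline: drops the offending record and blocks its source IP afterwards."""
    blocked, delivered, alerts = set(), [], []
    for record in traffic:
        if record[0] in blocked:
            continue                   # source already blocked by an earlier finding
        findings = evaluate(record)
        if findings:
            blocked.add(record[0])
            alerts.append((record[0], findings))
        else:
            delivered.append(record)
    return delivered, alerts, blocked
```

Both functions raise the same three alerts on this sample, but the IDS delivers all five records while the IPS delivers only the first and also drops the later clean request from the blocked source.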
What is a Virtual Private Network (VPN):-
Let’s move on to the virtual private network concentrator, the VPN concentrator. This allows for many secure VPN connections to a network. The concentrator will provide proper tunnelling and encryption depending upon the type of VPN connection that is allowed to the network. Most concentrators can function at multiple layers of the OSI model.
Specifically, they can operate at layer two, layer three, and layer seven. Now outside of internet transactions, which use an SSL VPN connection at layer seven, most concentrators will function at the network layer or layer three of the OSI model, providing IPsec encryption through a secure tunnel.
Now let’s talk about optimization and performance devices. We will begin by talking about the load balancer. A load balancer may also be called a content switch or a content filter. It is a network appliance that is used to load balance between multiple hosts that contain the same data.
This spreads out the workload for greater efficiency. They are commonly used to distribute the requests or workload to a server farm among the various servers in the farm, helping to ensure that no single server gets overloaded with work requests.
What is a Proxy Server?
Then there is the proxy server. A proxy server is an appliance that requests resources on behalf of a client machine. It is often used to retrieve resources from outside untrusted networks on behalf of the requesting client. It hides and protects that requesting client from the outside untrusted network.
It can also be utilized to filter allowed content back into the trusted network. It can also increase network performance by caching or saving commonly requested web pages. That concludes this session on the introduction to network devices, part two. We talked about some security devices that you may find on your network.
And we concluded with optimization and performance devices that may also be present.